Intel’s Software Guard Extensions (SGX) feature allows programs to establish secure enclaves on Intel processors. An enclave is meant to be a safe haven for sensitive information even if malware or some other compromise has taken over the rest of the machine. A global research group comprising researchers from five academic institutions discovered that although SGX largely repels Spectre and Meltdown attacks, a related attack can bypass its defenses. This attack is called Foreshadow.
According to the researchers, Foreshadow is a serious attack on Intel processors that lets an attacker steal confidential information stored on personal computers or in third-party clouds. Foreshadow comes in two versions:
- The original attack, designed to extract data from Software Guard Extensions (SGX) enclaves
- A Next-Generation version, which affects hypervisors (VMMs), operating system (OS) kernel memory, System Management Mode (SMM) memory, and virtual machines (VMs)
The vulnerabilities allow data to be read from an area of fast memory called the L1 cache, which every processor core has. An attacker can use the exploits to read any data held in that cache, including data belonging to the operating system kernel, protected data belonging to System Management Mode (SMM), or data belonging to other virtual machines (VMs) running on third-party clouds.
In theory, the exploits could be used to steal information from virtual machines running on private or public clouds, since they allow a malicious VM running in the cloud to read memory belonging to the hypervisor or to another guest VM. However, the attacking and victim VMs have to be running on the same processor core for the attack to succeed.
The three related Foreshadow attacks are:
- CVE-2018-3615 (for SGX)
- CVE-2018-3620 (for operating systems and SMM)
- CVE-2018-3646 (for virtualization)
The exploits have also been used to defeat the protections offered by SGX. SGX stores data and applications within a secure section of memory, an “enclave”, that is protected from inspection or modification. Foreshadow, however, can be used to extract the attestation keys used to verify the identity of a secure SGX enclave, allowing an attacker to trick the system into designating an insecure portion of memory as being secured by SGX. Such attacks can be prevented by installing reliable antivirus software that executes effective virus-protection measures and thus safeguards all sensitive data.
The Foreshadow researchers emphasize the challenges and limitations of actually executing the attack in the wild. They state that easy, cheap, and effective techniques like malware distribution and phishing remain the most cost-effective and obvious choice for targeting individuals; compared to those, Foreshadow is impractical. Additionally, SGX is a specialized feature that most individuals do not use.
The findings still speak to longstanding concerns about reliance on SGX, and whether, for all its benefits, it also risks becoming a single point of failure for everyone’s most sensitive data and software.
Although not all users rely on SGX, a growing number of secure services are exploring using it in their consumer products. Intel will have to patch things thoroughly and quickly, as the company has now found that many more processor systems are susceptible to Foreshadow-type attacks than just SGX. Intel and the Foreshadow researchers advise enterprises and individuals to keep their devices updated, and note that the leading cloud companies are already working on mitigating Foreshadow. Chip architectures also continue to evolve in order to head off future speculative execution flaws; Intel states that the developments in its pipeline will reach the market at the end of the year. For now, though, new and nasty attacks keep appearing, and Foreshadow may be a dramatic name, but in this case it is also an apt one.
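The two practical questions a defender takes from the cache-leak description and from the advice to keep systems updated are: does my kernel carry the Foreshadow (L1TF) mitigation, and, since attacker and victim must share a processor core, is a sibling hyperthread or an unflushed L1D still exposing guests to each other? The following is an added example, not code from the article or from the Foreshadow researchers. It assumes a Linux host that exposes `/sys/devices/system/cpu/vulnerabilities/l1tf` in the wording of the kernel's L1TF admin guide (`Not affected`, `Mitigation: PTE Inversion`, optionally followed by a `VMX:` part describing the L1D flush mode and SMT state); the status lines in the self-check are constructed samples.

```python
#!/usr/bin/env python3
"""Report a Linux host's Foreshadow / L1TF mitigation state from sysfs.

Added example (not from the article or the Foreshadow researchers).
Assumes the kernel exposes /sys/devices/system/cpu/vulnerabilities/l1tf
in the wording of the kernel's L1TF admin guide; the status lines used
in tests are constructed samples.
"""
import re
from pathlib import Path

L1TF_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")


def parse_l1tf(status_line: str) -> dict:
    """Break the kernel's one-line L1TF status into structured fields."""
    s = status_line.strip()
    parsed = {
        "raw": s,
        "affected": True,
        "pte_inversion": False,  # host-side mitigation for the OS/SMM variant
        "vmx": None,             # text after "VMX:", present only when KVM/VMX is on
        "l1d_flush": None,       # none | conditional | always | not-needed | ept-disabled
        "smt_vulnerable": None,  # True when a sibling hyperthread shares the L1D
    }
    if s.lower() == "not affected":
        parsed["affected"] = False
        return parsed
    parsed["pte_inversion"] = "PTE Inversion" in s
    m = re.search(r"VMX:\s*(.+)$", s)
    if m:
        vmx = m.group(1)
        parsed["vmx"] = vmx
        # The first comma-separated field describes the L1D flush mode on VM entry.
        flush_part = vmx.split(",")[0].strip()
        if "conditional cache flushes" in flush_part:
            parsed["l1d_flush"] = "conditional"
        elif "cache flushes" in flush_part:
            parsed["l1d_flush"] = "always"
        elif "flush not necessary" in flush_part:
            parsed["l1d_flush"] = "not-needed"
        elif "EPT disabled" in flush_part:
            parsed["l1d_flush"] = "ept-disabled"
        elif "vulnerable" in flush_part:
            parsed["l1d_flush"] = "none"
        if "SMT vulnerable" in vmx:
            parsed["smt_vulnerable"] = True
        elif "SMT disabled" in vmx:
            parsed["smt_vulnerable"] = False
    return parsed


def assess(parsed: dict) -> dict:
    """Turn the parsed fields into a verdict plus the findings behind it."""
    findings = []
    if not parsed["affected"]:
        return {"verdict": "not-affected", "findings": findings}
    if not parsed["pte_inversion"]:
        findings.append("kernel reports no PTE Inversion mitigation; update the kernel")
        return {"verdict": "host-vulnerable", "findings": findings}
    if parsed["vmx"] is None:
        # No VMX/KVM in use: only the OS/SMM variant applies, and it is mitigated.
        return {"verdict": "mitigated", "findings": findings}
    if parsed["l1d_flush"] == "none":
        findings.append("L1D is not flushed on VM entry; a guest can read leftover host data")
    if parsed["smt_vulnerable"]:
        # Foreshadow needs attacker and victim on the same physical core, which is
        # exactly what an enabled sibling hyperthread gives a malicious guest.
        findings.append("SMT is enabled; a sibling thread shares the L1D while a guest runs")
    verdict = "guest-to-host-risk" if findings else "mitigated"
    return {"verdict": verdict, "findings": findings}


def check_host(path: Path = L1TF_SYSFS) -> dict:
    """Read the live sysfs entry when present; report 'unknown' otherwise."""
    if not path.exists():
        return {"verdict": "unknown",
                "findings": [f"{path} not present (old kernel or non-x86 host)"]}
    return assess(parse_l1tf(path.read_text()))


if __name__ == "__main__":
    report = check_host()
    print("L1TF verdict:", report["verdict"])
    for finding in report["findings"]:
        print(" -", finding)
```

A `guest-to-host-risk` verdict on a host that runs untrusted guests means the kernel patch alone is not enough: the remaining options are disabling SMT or forcing the L1D flush on every VM entry, which is the trade-off the page's "keep devices updated" advice glosses over. On a host without KVM, `Mitigation: PTE Inversion` alone is the fully patched state.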